SAP Authorizations Authorization check - SAP Admin

Direkt zum Seiteninhalt
Authorization check
Authorization concept
As part of identifying authorization problems, it should be documented what the risks are if the current situation is maintained. Often, those responsible in the company do not want to make a correction because it causes costs and work. If the current concept works and security gaps are abstract, many people in charge are reluctant to change anything. For these reasons, the first step should be to document what problems and dangers lurk if the current concept is not corrected: First, the risk of fraud, theft, and data privacy and security breaches increases. Documentation can help identify where dangers lie. There is a fundamental problem of financial damage to the company if action is not taken. Another danger is that users will experiment with their authorizations and cause damage that can be avoided by having a clean authorization structure. Also a problem is the increased administrative overhead of granting and managing permissions. The effort increases if the current role assignments are not transparent and optimally structured.

Increasingly, it is possible to make use of automation in the security environment. Although these are not yet used by many companies, they are the next step in digital transformation. By using automation intelligently, companies can free up resources for the innovation topics that really matter. In the future, we can expect both the number and power of automation tools to increase. It is therefore only a matter of time before SAP itself also delivers optimized support in the form of tools as standard.
Checking at Program Level with AUTHORITY-CHECK
The best way for companies to combat historically grown uncontrolled growth in authorizations is to prevent it. An analysis of whether the current authorization concept is sufficient for the company helps here.

In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

If you want to get more information about SAP basis, visit the website

Applications use the ABAP statement AUTHORITY-CHECK in the source code of the program to check whether the user has the appropriate authorizations and whether these authorizations are defined appropriately, that is, whether the user administrator has assigned the values required by the programmer for the fields.

A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.

This allows you to see which permissions would be changed in the roles without actually doing so.
Zurück zum Seiteninhalt